1. Field of the Invention
This disclosure relates generally to the field of secure communications, and in particular to the issuance and management of certificates for authenticating messages.
2. Description of Related Art
The use of computer networks and telecommunication systems for various transactions has markedly increased in recent years. Traditional transactions such as shopping, purchasing, banking, and investment services have experienced growth in new directions due to the application of computers and telecommunications.
While traditional transactions have heretofore been conducted typically on a person-to-person basis, many telecommunication-based transactions are conducted remotely and sight-unseen; i.e. the participants in telecommunication-based transactions may never meet.
With such telecommunication-based transactions, there is an increasing need to recognize and verify the authenticity of a remote user of electronic services, including such services involving consumers of all types of electronic transactions such as purchases over the Internet, home banking, electronic transfers of funds, and electronic brokerage services. Such electronic transactions may also involve users of remote repositories of data, for example, to access classified records, medical records, billing records, and unclassified but sensitive data, such as company records. Other relevant areas requiring adequate or even absolute security include authentication of signers of electronic documents such as contracts. In general, any electronic service of value, provided over a local network or a public network, requires authentication of the requester in order to protect the value of the service. More valuable services typically require a greater degree of authentication.
Historically, access to electronic services has been provided through identification techniques such as account names and authentication techniques such as personal identification numbers (PINs) and passwords. Such authentication techniques have not proven to be very secure since PINs and passwords are often easily guessed, hard to remember, or subject to discovery by exhaustive automated searches. Recently, digital certificates have emerged as a leading candidate for authenticating electronic transactions.
Ideally, a digital certificate, such as those defined by the X.509 and ANSI X.9 standards, allows users or buyers and sellers to authenticate electronic documents and electronic transactions in a manner analogous to the authentication of documents by a Notary Public in person-to-person transactions. The combination of cryptographic techniques, including public key cryptography, and the use of digital certificates provides greater integrity, privacy and a degree of authentication for on-line electronic transactions which instills a greater level of confidence in the electronic services consumer.
For example, such authenticating certificates in the prior art may be generated by concatenating a message and a public key with a set 10 of data as shown in FIG. 1, which may be in a sequence and which may include a subject unique ID 12 corresponding to the subject; that is, the individual or entity such as a corporation, having the public key. As shown in FIG. 1, other fields in the set 10 of data may include a version number, a serial number for the certificate with respect to a sequence of generated certificates, the name of the issuer, a validity period to determine an expiration of validity of the certificate, a subject name identifying the user or individual sending the transaction, an issuer unique ID number, and other data extensions indicating privileges and attributes of the certificate, such as access privileges.
The subject unique ID 12 of the user may include M bits representing, for example, a social security number or a password associated with the user sending the transaction. Typically, M.apprxeq.50 bits.apprxeq.6bytes or less.
The authenticating certificate, being the concatenation of the set 10 of data with the public key and the transaction data, is then processed, for example, using a hash function such as a one-way hashing function, to generate a hashed value. The hashed value is then signed; that is, encrypted, using the private key of the user to generate a digital signature 14. The digital signature 14 is then appended to the authenticating certificate and the message, such as an electronic transaction,for transmission over, for example, a network.
The X.509 and ANSI X.9 standards described above incorporate a hash function to generate unique digital signatures 14 from a respective set 10 of data. Such one-way hashing functions enable the transaction data to be computationally infeasible to derive solely from the hash value.
While the use in the prior art of authenticating certificates incorporating digital certificates improves transactions employing electronic authentication, it still falls short of actually authenticating a human transactor, such as a consumer. Instead, such digital certificates in the prior art only authenticate the private cryptographic key used in the transaction or signature. Since private keys are physically stored on computers and/or electronic storage devices, such private keys are not physically related to the entities associated with the private keys. For example, a private key is assigned to an entity, which may be a group of people, an organization such as a company, or even groups of organizations, and so private keys are not limited to actual human individuals.
Identification indica of individuals may be subdivided into three broad categories: indica based on the physical characteristics of the individual, that is, what the individual is; indicia based on one's knowledge, such as passwords known to the individual; and indicia based on assigned information, that is, what another individual has associated with the identified individual, or what the identified individual chooses with which to be associated. The first category having physical indicia relates to the biometric data of an individual, and includes characteristic features such as genetic composition, fingerprints, hand geometry, iris and retinal appearance, etc., which are unique to each individual, with known exceptions such as the identical genetic compositions of twins.
The second and third categories having known and/or assigned indicia includes information which the individual knows and/or is charged with memorizing and divulging for authentication, such as social security number, mother's maiden name, access codes such as long distance calling card numbers, and personal passwords. The second category also includes information and/or objects which the individual owns and/or is charged with carrying and divulging for authentication, such as driver's licenses and passports.
Private keys are assigned indicia. Accordingly, the lack of physical identification of a human transactor with a private key is a flaw in authentication techniques in the prior art using such private keys. Other authentication and security techniques in the prior art are similarly flawed, since many authentication and security techniques rely on identification indicia of the second category.
Techniques are known in the art for authenticating an individual based on identification indica of the first category; that is, by physical characteristics. For example, U.S. Pat. No. 4,641,349 to Flom et al. discloses a system for performing iris recognition. Typically, such physical characteristics identifying techniques require complicated computational operations for the capture and accurate classification of physical characteristics, since such physical characteristics are unique to each individual. Accordingly, the identification indicia for such physical characteristics generally requires a relatively large amount of memory to store and classify such identification indicia.
Heretofore, the relatively large computational demands of authentication techniques based on physical characteristics has prevented such authentication techniques from being implemented in electronic transactions.